How to Erase Mobile Data Securely – The Limitations of Factory Reset

Aug 3, 2017

Whether or not we like it, we are becoming more and more reliant on mobile devices – an average person will check theirs 46 times per day. Not only are they practically indispensable in our personal lives, many of us couldn’t realistically do our job without them. Because of this almost constant use, our mobile devices are used to store sensitive data – both personal and professional – which means it is especially important that you securely erase any data from these devices when you no longer need them, whether you are selling, recycling or giving your mobile device to a friend. Too many people falsely believe that a factory reset is sufficient, which puts their data in danger. It is possible to securely erase data from mobile devices, but it is a matter of knowing how to do so.

Manufacturers often suggest factory resetting a phone to clear unnecessary data if it is running slowly or has other performance issues and, in these cases, a factory reset is fine. However, a 2015 study by Blancco, in which they bought a number of different second-hand mobile devices, found that 35% of devices contained residual data (including text messages, call logs and emails), and 57% of those devices had previously undergone an attempt to erase data. This shows that, if you are looking to sell or recycle your phone, you may need to think beyond this simple process to make sure your data is completely unrecoverable.

iOS Factory Reset Limitations

Since the release of iOS 3.0 in 2009, all of Apple’s iOS devices have had full-system AES-256 disk encryption, which turns normal data and text into unreadable code that cannot be deciphered without the key. This encryption, deemed ‘unbreakable’, is built into the phone’s hardware, and can only be unlocked with a special key that decodes the text. From a security perspective, the great thing about an iOS factory reset is that this encryption key is also erased when it is performed, which means it is virtually impossible for anyone to access the data that was previously on the device. Indeed, even the FBI were unable to singlehandedly unlock an encrypted phone that was connected to the 2016 San Bernardino terrorist. For the individual consumer, an iOS factory reset provides a virtual guarantee that all your sensitive data is irretrievable. However, corporations and enterprises may require a more detailed audit trail, which iOS itself cannot provide.

Android Factory Reset Limitations

Unfortunately, an Android factory reset isn’t quite as watertight as the iOS process, and is unlikely to erase your data securely. It was only in 2015 that Google mandated full-disk encryption on devices with Marshmallow 6.0, progress from 2014’s 5.0 Lollipop, in which users had to enable it manually. But, in spite of this, Android’s factory reset is still not secure enough to keep erased data safe from hackers, as a result of security issues associated with Android kernel flaws and Qualcomm. This is because the encryption key is stored in software on Android devices, making it potentially retrievable: once hackers have the key, they can recover all other data.

In fact, in 2015 Cambridge University found that even with full disk encryption, they were able to recover the encryption key of Android devices with a flawed factory reset, and, as a result, could access Google credentials from each of these devices.

Ensuring Completely Secure Erasure

Whether it is personal or confidential company data that is stored on your device, it is of paramount importance that the data is securely erased. Even if you have performed what you believe is a secure factory reset, the only way to ensure complete data erasure is for data to be cleared and overwritten with dummy data, before that is erased and overwritten again. Blancco Mobile Device Eraser is a fail-safe provider of this service, and can eliminate any uncertainty about the process. With Blancco, your IT team can easily conduct up to 50 secure erasures at the same time, all of which are able to monitor and alter the user interface. After the erasures are complete, you will receive a digitally signed certificate for each device, which can serve as an audit trail and proof of regulatory compliance.
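The overwrite-then-overwrite-again process described above, followed by a residue check, as an added example (not Blancco's or EOL IT Services' code). It assumes a file-backed storage image you can open for writing; the function names, the random-then-zero pass choice and the sample image contents are constructed for illustration.

```python
import hashlib, os, tempfile

CHUNK = 4096

def overwrite(path, make_bytes):
    """One pass: rewrite every byte in place, then force it out to storage."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for off in range(0, size, CHUNK):
            f.write(make_bytes(min(CHUNK, size - off)))
        f.flush()
        os.fsync(f.fileno())

def find_residue(path, markers):
    """Scan the raw image for known strings, including ones that straddle chunks."""
    found, tail = set(), b""
    keep = max(len(m) for m in markers) - 1
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            window = tail + chunk
            found.update(m for m in markers if m in window)
            tail = window[-keep:] if keep else b""
    return sorted(found)

def erase_and_verify(path, markers):
    """Two overwrite passes, then an independent read-back for the audit record."""
    before = find_residue(path, markers)
    overwrite(path, os.urandom)               # pass 1: dummy data
    overwrite(path, lambda n: b"\x00" * n)    # pass 2: overwrite the dummy data
    after = find_residue(path, markers)
    with open(path, "rb") as f:
        data = f.read()
    return {"size": len(data), "residue_before": before, "residue_after": after,
            "all_zero": not any(data), "sha256": hashlib.sha256(data).hexdigest()}

MARKERS = [b"SMS: meet at 6pm", b"user@example.com"]  # constructed sample data

def demo():
    # Constructed image: the first marker deliberately crosses the 4096-byte boundary.
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write(b"\x00" * 4090 + MARKERS[0] + b"\xff" * 3000 + MARKERS[1] + b"\x00" * 2000)
    try:
        return erase_and_verify(path, MARKERS)
    finally:
        os.remove(path)

if __name__ == "__main__":
    print(demo())
```

The returned record is unsigned; it only shows the fields a per-device erasure report would be built from.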

Are you looking to securely erase data on your company’s mobile devices? EOL IT Services use Blancco Mobile Device Eraser to provide the highest level of secure and fully audited data erasure. Contact us today on 0845 600 4696 to find out how we can help you dispose of your mobile data safely and reliably.